
New Member

ssh fail to work

Hi all,

SSH on my Cisco ASA 5510 fails to work.

I have enabled the following, but my SSH client fails to connect to the firewall from my office network (connected to the firewall inside interface).

aaa authentication ssh console LOCAL

ssh 10.0.0.0 255.0.0.0 inside

ssh timeout 5

I have also enabled an RSA key and enabled SSH versions 1 and 2.

Please advise. Thanks in advance.

6 REPLIES
Cisco Employee

Re: ssh fail to work

Are you able to telnet on port 22?

Try to use a different SSH client as sometimes it could be problem with the client itself.

New Member

Re: ssh fail to work

Hi Jennifer,

I am unable to telnet to the firewall on port 22.

Cisco Employee

Re: ssh fail to work

Hello Don

Would you please paste the result of the command show asp table socket?

Cheers

Mike

New Member

Re: ssh fail to work

Hi maykol,

I am using ASA version 7.0.

There is no "socket" option for "show asp table".

The following options are available for "show asp table":

  arp          Show ASP ARP table
  classify     Show ASP classifier tables
  interfaces   Show ASP interfaces tables
  routing      Show ASP route tables
  vpn-context  Show ASP VPN context tables

Cisco Employee

Re: ssh fail to work

Hello Don,

I hope you are doing great. Would you please put in the debug ssh 255 and try again?

Cheers

Mike

Cisco Employee

Re: ssh fail to work

Hi Don,

You can also set up a packet capture to confirm the SSH connection is actually reaching the inside interface of the firewall:

access-list capin permit tcp host <client-ip> host <firewall-inside-ip> eq 22

capture capin access-list capin interface inside

show capture capin

If you see traffic reaching the firewall in the capture, try removing all SSH commands and re-adding them. Also, double check the syslogs that are generated at the time. The 7.0 version code is extremely old at this point, so you may also be running into a bug. Upgrading to 7.2(5) or 8.0(5) may help you overcome this problem as well.

If you don't see traffic reaching the firewall, double check network connectivity between your client and the firewall.

Hope that helps.

-Mike
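
Added example, not part of the original thread: a small Python check that reads the `ssh <network> <mask> <interface>` lines from a saved ASA configuration and reports whether a given client address is admitted on a given interface. It is a quick way to rule out a source address outside the permitted range before moving on to captures. The function names and the client addresses used with it are assumptions made for illustration; the sample configuration reuses the three lines quoted in the first post.

```python
import ipaddress

# Constructed sample: the three SSH-related lines quoted in the original post.
SAMPLE_CONFIG = """\
aaa authentication ssh console LOCAL
ssh 10.0.0.0 255.0.0.0 inside
ssh timeout 5
"""


def parse_ssh_permits(config_text):
    """Return [(network, interface)] from 'ssh <addr> <mask> <interface>' lines."""
    permits = []
    for line in config_text.splitlines():
        parts = line.split()
        # Only the four-token form is a permit statement; this skips
        # 'ssh timeout 5', 'ssh version 2' and unrelated lines.
        if len(parts) != 4 or parts[0] != "ssh":
            continue
        try:
            # ASA writes a dotted netmask; ipaddress accepts 'addr/mask'.
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        except ValueError:
            continue  # not an address/mask pair, ignore the line
        permits.append((net, parts[3]))
    return permits


def check_client(config_text, client_ip, interface):
    """Return a list of findings; an empty list means the client is admitted."""
    addr = ipaddress.ip_address(client_ip)
    permits = parse_ssh_permits(config_text)
    if any(addr in net and ifc == interface for net, ifc in permits):
        return []
    # Distinguish "right address, wrong interface" from "no match at all".
    other = sorted({ifc for net, ifc in permits if addr in net})
    if other:
        return [f"{client_ip} is permitted only on: {', '.join(other)}"]
    return [f"no ssh permit statement covers {client_ip}"]


if __name__ == "__main__":
    # Constructed client addresses for illustration.
    for ip, ifc in [("10.20.30.40", "inside"), ("192.168.1.5", "inside")]:
        print(ip, ifc, check_client(SAMPLE_CONFIG, ip, ifc) or "permitted")
```
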
